Deploying EC2 cluster in a private subnet in AWS VPC

Hello guys,

This is my case: I have one VPC and two subnets in HA (one set to public and the other set to private, two availability zones each). The VPC has one I-GTW, route tables for both subnets, and one NAT-GTW for the private set. In the public sn set, there is a public cluster with an ALB in front of it facing the internet, and only one security group to manage this sn set (for now, it is wide open). The public set is working fine and there was no trouble at all configuring it.

Now I’m creating a cluster in the private sn set (BTW, this is the 4th time I’ve tried to create the cluster…). Also, there is one API-GTW to manage the flow to an NLB, which links to the cluster… The thing is that Rancher doesn’t finish the creation of the private cluster - it has been creating the cluster for the last 2 hours and so far there is no entry in the Provisioning Log tab. The Security Group attached to this cluster (and the NLB) is wide open to the internet.

Another thing is that I created two node templates, one for the private subnet and the other for the public subnet (and all other specific settings).

At this particular point, I have no clue what to do or try. I was sure this private creation would be just as easy as the public one. Didn’t happen…

I’m pretty new to Rancher, using version 2.6.3 on Docker in an EC2 box and basing this PoC on the public Rancher documentation and other documents and sample code on the Internet. There is a long learning path in front of me and I appreciate any help you could give.

Best regards
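As an added example (not part of the original post, and not Rancher's own tooling), here is a small Python check of the topology the post describes: it classifies each subnet as public, private or isolated from the default route in its route table (IGW vs. NAT gateway) and lists any security-group ingress rule open to 0.0.0.0/0, which is worth knowing about before going further with the private cluster. The route-table and security-group dicts follow the shape of the EC2 DescribeRouteTables / DescribeSecurityGroups responses, but the sample data below is constructed, with made-up IDs, so it runs offline.

```python
"""Classify VPC subnets from route-table data and flag wide-open security groups.

The dict shapes mirror EC2 DescribeRouteTables / DescribeSecurityGroups output;
all IDs and CIDRs below are constructed sample values, not real resources.
"""

def classify_subnets(route_tables):
    """Return {subnet_id: 'public' | 'private' | 'isolated'} based on the
    active default (0.0.0.0/0) route of the table each subnet is associated with."""
    result = {}
    for rt in route_tables:
        kind = "isolated"  # no usable default route at all
        for route in rt.get("Routes", []):
            if route.get("DestinationCidrBlock") != "0.0.0.0/0":
                continue
            if route.get("State", "active") != "active":
                continue  # a blackholed default route gives no internet path
            if route.get("GatewayId", "").startswith("igw-"):
                kind = "public"   # default route straight to the Internet Gateway
            elif route.get("NatGatewayId", "").startswith("nat-"):
                kind = "private"  # outbound only, via the NAT Gateway
        for assoc in rt.get("Associations", []):
            if "SubnetId" in assoc:
                result[assoc["SubnetId"]] = kind
    return result


def open_ingress_rules(security_group):
    """Return (protocol, from_port, to_port) for every ingress rule open to 0.0.0.0/0."""
    found = []
    for perm in security_group.get("IpPermissions", []):
        if any(r.get("CidrIp") == "0.0.0.0/0" for r in perm.get("IpRanges", [])):
            found.append((perm.get("IpProtocol"), perm.get("FromPort"), perm.get("ToPort")))
    return found


# Constructed sample: public pair behind an IGW, private pair behind a NAT-GTW,
# plus one subnet whose table has no default route at all.
SAMPLE_ROUTE_TABLES = [
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "GatewayId": "igw-0aaa"}],
     "Associations": [{"SubnetId": "subnet-pub-a"}, {"SubnetId": "subnet-pub-b"}]},
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"},
                {"DestinationCidrBlock": "0.0.0.0/0", "NatGatewayId": "nat-0bbb"}],
     "Associations": [{"SubnetId": "subnet-priv-a"}, {"SubnetId": "subnet-priv-b"}]},
    {"Routes": [{"DestinationCidrBlock": "10.0.0.0/16", "GatewayId": "local"}],
     "Associations": [{"SubnetId": "subnet-iso"}]},
]
# Constructed sample: an "all traffic from anywhere" rule next to a scoped HTTPS rule.
SAMPLE_SG = {"GroupId": "sg-0ccc", "IpPermissions": [
    {"IpProtocol": "-1", "IpRanges": [{"CidrIp": "0.0.0.0/0"}]},
    {"IpProtocol": "tcp", "FromPort": 443, "ToPort": 443, "IpRanges": [{"CidrIp": "10.0.0.0/16"}]},
]}
```

With real data, feed the `RouteTables` and `SecurityGroups` lists from the corresponding describe calls into the two functions; nodes in a subnet reported as `isolated` have no outbound path to reach Rancher at all.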